From 0a5729e08ac172c77aca51b75558f9f2f5c41fa4 Mon Sep 17 00:00:00 2001
From: Ardit Marku
Date: Mon, 5 Jan 2026 11:51:35 +0200
Subject: [PATCH] Add EVM function to reclaim ERC20 tokens from attacker's EOA addresses
---
 fvm/evm/stdlib/contract.cdc | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/fvm/evm/stdlib/contract.cdc b/fvm/evm/stdlib/contract.cdc
index d29cc1afc0f..1ff6fac78f4 100644
--- a/fvm/evm/stdlib/contract.cdc
+++ b/fvm/evm/stdlib/contract.cdc
@@ -1044,6 +1044,22 @@ access(all) contract EVM {
 ) as! Result
 }
 
+ /// This is only a temporary measure and will be removed immediately
+ /// after the remediation of the illicit tokens
+ // in the Dec 2025 security incident is complete.
+ /// This function can only be called from the `FlowServiceAccount` contract,
+ /// and only from the holder of `FlowServiceAccount.Administrator` resource.
+ access(account)
+ fun reclaimERC20FromAttackerEOAs(from: String, to: String, data: [UInt8]): Result {
+ return InternalEVM.call(
+ from: EVM.addressFromString(from).bytes,
+ to: EVM.addressFromString(to).bytes,
+ data: data,
+ gasLimit: 16_000_000,
+ value: UInt(0)
+ ) as! Result
+ }
+
 init() {
 self.setupHeartbeat()
 }
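Review bot: `reclaimERC20FromAttackerEOAs` forwards caller-supplied `from`, `to` and `data` straight into `InternalEVM.call`, so despite its name it appears to be a general call-as-any-EVM-address primitive. Nothing in the body limits `from` to the incident's addresses or `data` to an ERC20 transfer. A `pre` block would narrow it to the stated purpose, rejecting any `from` that is not on a fixed list of the affected addresses and any calldata that does not begin with the `transfer(address,uint256)` selector `0xa9059cbb`. The doc comment's guarantee about `FlowServiceAccount.Administrator` is not enforced in this hunk: `access(account)` admits every contract deployed to the same account, and the Administrator gate presumably lives in a caller outside this patch, so the comment should say so, e.g. `/// Access is limited by access(account); the Administrator check is enforced by the caller in FlowServiceAccount.` The third comment line starts with `//` rather than `///` and so drops out of the doc comment, and emitting an event carrying `from`, `to` and the result status would give each use of this temporary path an on-chain audit trail.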